CVE-2012-1675

Severity

75%

Complexity

99%

Confidentiality

106%

The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."

The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 12 years ago

2012-05-08 22:55:00

Last updated 6 years ago

2018-08-23 12:51:00

Affected Software

オラクル データベースサーバ 10g 10.2.0.3

10.2.0.3

オラクル データベースサーバ 10g 10.2.0.4

10.2.0.4

オラクル データベースサーバ 10g 10.2.0.5

10.2.0.5

Oracle Database Server 11g 11.1.0.7

11.1.0.7

Oracle Database Server 11g 11.2.0.2

11.2.0.2

Oracle Database Server 11g 11.2.0.3

11.2.0.3

Oracle Database Server 11.2.0.4

11.2.0.4

References

SUSE-SU-2012:0765

Mailing List, Third Party Advisory

20120418 The history of a -probably- 13 years old Oracle bug: TNS Poison

Exploit, Mailing List, Third Party Advisory

20120428 Oracle TNS Poison vulnerability is actually a 0day with no patch available

Mailing List, Third Party Advisory

VU#359816

Third Party Advisory, US Government Resource

MDVSA-2013:150

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html

Vendor Advisory

53308

Exploit, Third Party Advisory, VDB Entry

1027000

Third Party Advisory, VDB Entry

https://blogs.oracle.com/security/entry/security_alert_for_cve_2012

Vendor Advisory

oracledatabase-tnslistener-spoofing(75303)

VDB Entry

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.